Hallo,
What does not work?
In fact I had similar problems (Solaris 2.6, openldap 2.1.2) which were solved as soon as I wrote "access" statements in one line! Try
access to attr=userPassword by self write by anonymous auth by dn="cn=Manager,dc=mrball,dc=net" write by * none
instead of
access to attr=userPassword
by self write
by anonymous auth
by dn="cn=Manager,dc=mrball,dc=net" write
by * none
Cheers, Vadim Tarassov.
-----Ursprüngliche Nachricht-----
Von: Jan-Philipp Mayer [mailto:newsgroups@mayersnet.de]
Gesendet: Freitag, 30. August 2002 10:14
An: openldap-software@OpenLDAP.org
Betreff: PAM-Authentication / ACL
Hello,
I try to write an ACL for my OpenLDAP 2.0.25 installation. I want to allow users to login using PAM. Authenticated users may read some, not all attributes; anonymous users should not be able to see any entry of the directory at all. I can not figure out, which attributes must be readable in order to allow PAM to authenticate. In my pam_ldap.conf it says:
---------------
pam_filter objectclass=posixAccount
pam_login_attribute uid
---------------
If I set my ACL to "access to * by * read" it works but with
access to attr=userPassword
by self write
by anonymous auth
by dn="cn=Manager,dc=mrball,dc=net" write
by * none
access to attr=dn,objectclass,loginShell,objectClass,o,entry,uidNumber,gidNumber,dc,uid
by anonymous read
by * read
access to *
by self read
by users read
by anonymous auth
it does not.
Could anyone help me with this?
Thank you in advance,
Jan-Philipp Mayer